TCP Intercept


Scenario:

As part of the security team you are always looking for ways to improve security within the company. Lately the company is under fire by TCP SYN floods. You don’t have any budget to buy some firewalls so you decide to look for a cheaper solution to solve this problem. You heard some good things about the “TCP Intercept” feature so you decide to look into it.

Goal:

  • All IP addresses have been configured for you; see the topology picture for the addresses.
  • OSPF has been preconfigured for you on all routers.
  • Configure Telnet on router Flash.
  • Configure router Mirror so it closes half-open connections to router Flash after 15 seconds.
  • Configure router Mirror so it starts closing half-open connections when there is more than one connection per second. It should keep doing this until the connection rate is about one per three minutes.
  • Configure router Mirror so it only allows 20 half-open connections. Drop connections until you hit 15 half-open connections.
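
The last goal sets a high and a low threshold for half-open connections. The Python sketch below is an added example (not part of the lab and not IOS code) that models that hysteresis with the lab's values of 20 and 15. It assumes the behaviour Cisco documents for `ip tcp intercept max-incomplete high`/`low`: aggressive mode starts above the high value, each new arrival then evicts the oldest half-open entry, and aggressive mode ends once the count falls below the low value. The class and function names are hypothetical, and the one-minute rate thresholds are left out.

```python
from collections import deque


class InterceptModel:
    """Toy model of the max-incomplete high/low hysteresis (not IOS code)."""

    def __init__(self, high=20, low=15):
        self.high, self.low = high, low
        self.half_open = deque()   # oldest half-open connection sits on the left
        self.aggressive = False
        self.evicted = []          # connections dropped to make room

    def syn(self, conn_id):
        """A new SYN arrives and is tracked as a half-open connection."""
        self.half_open.append(conn_id)
        if len(self.half_open) > self.high:
            self.aggressive = True
        if self.aggressive:
            # Aggressive mode: every new arrival pushes out the oldest entry.
            self.evicted.append(self.half_open.popleft())

    def closed(self, conn_id):
        """The handshake completed or the entry timed out; stop tracking it."""
        if conn_id in self.half_open:
            self.half_open.remove(conn_id)
        if self.aggressive and len(self.half_open) < self.low:
            self.aggressive = False


def simulate_flood(high=20, low=15, syns=30):
    """Send `syns` SYNs that never complete, then let entries time out one by one."""
    model = InterceptModel(high, low)
    for i in range(syns):          # constructed sample input: connection ids 0..syns-1
        model.syn(i)
    peak = len(model.half_open)
    timeline = []
    for conn_id in list(model.half_open):
        model.closed(conn_id)
        timeline.append((len(model.half_open), model.aggressive))
    return peak, len(model.evicted), timeline


if __name__ == "__main__":
    peak, evicted, timeline = simulate_flood()
    print(f"peak half-open={peak}, evicted={evicted}")
    for count, aggressive in timeline:
        print(f"half-open={count:2d} aggressive={aggressive}")
```

The gap between the two values keeps the router from flapping in and out of aggressive mode when the half-open count hovers around a single threshold.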

Topology:

You need to register to be able to download the GNS3 Topology File. (Registration is Free!)


Written by René Molenaar - CCIE #41726

About the Author: Rene Molenaar

René - CCIE #41726 is the creator of GNS3Vault.com where he shares CCNA, CCNP and CCIE R&S labs. He also blogs about networking on http://networklessons.com

2 Comments

  1. Hi.

    Could somebody confirm whether my TCP INTERCEPT configurations are correct or not?

    [code]Mirror#show run | s tcp intercept
    ip tcp intercept list 100
    ip tcp intercept watch-timeout 15
    ip tcp intercept max-incomplete low 15
    ip tcp intercept max-incomplete high 20
    ip tcp intercept one-minute low 20
    ip tcp intercept one-minute high 60[/code]

Comments are closed.